Preserved Topic: evil authorization (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21218" title="Pages that link to Preserved Topic: evil authorization (Page 1 of 1)" rel="nofollow" >Preserved Topic: evil authorization <span class="small">(Page 1 of 1)</span>\$

maninacan Paranoid (IV) Inmate From: Seattle, WA, USA Insane since: Oct 2001	posted 03-30-2002 01:03 ok, so I'm trying to set up an administration page on my site with php, but it's being evil. so here's the code: <? if(!isset($PHP_AUTH_USER)){ header("WWW-Authenticate: Basic realm=\"Administration\""); header("HTTP/1.0 401 Unauthorized"); echo "Authorization Required."; exit; } and then there's an else statement below that. I figured out that it messes up when it sends the 401 header, and I don't what to do, cause I'm doing exactly what I've seen in several places including php.net. Any help would be appreciated, and I need help soon, so please hurry. http://www.kewlster.com
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 03-30-2002 03:32 What happens? and what server type? .:[ The Tao of Steve ]:. Be Desireless Be Excellent Be Gone ...................................
maninacan Paranoid (IV) Inmate From: Seattle, WA, USA Insane since: Oct 2001	posted 03-30-2002 03:59 apache server, it comes up with a 500 server error. When I comment out the line talked about above, the error goes away, but of course the authorization box thing doesn't come up, cause the header isn't sent. and this is what the error log has to say: [Fri Mar 29 19:03:09 2002] [error] [client 207.202.205.244] malformed header from script. Bad header=HTTP/1.0 401 Unauthorized: c:/php/php.exe OK I figured out the problem after looking some more at php.net. They really should make it clearer. But I ended up replacing that line with: header("Status: 401 Unauthorized"); and it worked. Hurray. http://www.kewlster.com [This message has been edited by maninacan (edited 03-30-2002).] [This message has been edited by maninacan (edited 03-30-2002).]
maninacan Paranoid (IV) Inmate From: Seattle, WA, USA Insane since: Oct 2001	posted 03-30-2002 05:24 ok authorization sucks. I got it to pop up the box thing now, but it's not putting the entered username or password into the variables it's supposed to according to php.net. I saw that on the discussion about it on php.net many people where having problems, and they offered many solutions, none of which worked for me, any ideas???????????????????????????? http://www.kewlster.com
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 03-30-2002 07:19 The first sentence in the PHP manual about HTTP authentication says: --- start copy/paste --- The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. --- end copy/paste --- And you're running CGI version (php.exe). If you want to make it work you'll have to install PHP as Apache module...
maninacan Paranoid (IV) Inmate From: Seattle, WA, USA Insane since: Oct 2001	posted 03-30-2002 17:10 how would I do that? http://www.kewlster.com
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 03-30-2002 17:16 Read PHP installation manual...
maninacan Paranoid (IV) Inmate From: Seattle, WA, USA Insane since: Oct 2001	posted 03-30-2002 22:34 ok http://www.kewlster.com
Pugzly Paranoid (IV) Inmate From: 127.0.0.1 Insane since: Apr 2000	posted 04-03-2002 02:16 Just out of curiosity, I was attempting to search the PHP site for more info on this, but wasn't able to find anything. Anyone got some links on using this?
Pugzly Paranoid (IV) Inmate From: 127.0.0.1 Insane since: Apr 2000	posted 04-03-2002 04:27 Nevermind - I found this: http://hotwired.lycos.com/webmonkey/00/05/index2a_page2.html?tw=programming
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 04-03-2002 05:41 I don't know how you didn't find this... http://www.php.net/manual/en/features.http-auth.php
Pugzly Paranoid (IV) Inmate From: 127.0.0.1 Insane since: Apr 2000	posted 04-03-2002 12:59 Oh man....I need a vacation. I tried searching for $PHP_AUTH_USER and WWW-Authenticate and came up empty. Thanks!

Preserved Topic: evil authorization (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21218" title="Pages that link to Preserved Topic: evil authorization (Page 1 of 1)" rel="nofollow" >Preserved Topic: evil authorization <span class="small">(Page 1 of 1)</span>\$

maninacan
Paranoid (IV) Inmate

From: Seattle, WA, USA
Insane since: Oct 2001

posted 03-30-2002 01:03

ok, so I'm trying to set up an administration page on my site with php, but it's being evil.
so here's the code:

<?
if(!isset($PHP_AUTH_USER)){
header("WWW-Authenticate: Basic realm=\"Administration\"");
header("HTTP/1.0 401 Unauthorized");
echo "Authorization Required.";
exit;
}
and then there's an else statement below that. I figured out that it messes up when it sends the 401 header, and I don't what to do, cause I'm doing exactly what I've seen in several places including php.net. Any help would be appreciated, and I need help soon, so please hurry.

http://www.kewlster.com

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 03-30-2002 03:32

What happens?
and what server type?

.:[ The Tao of Steve ]:.
Be Desireless
Be Excellent
Be Gone
...................................

maninacan
Paranoid (IV) Inmate

From: Seattle, WA, USA
Insane since: Oct 2001

posted 03-30-2002 03:59

apache server,
it comes up with a 500 server error.
When I comment out the line talked about above, the error goes away, but of course the authorization box thing doesn't come up, cause the header isn't sent.

and this is what the error log has to say:
[Fri Mar 29 19:03:09 2002] [error] [client 207.202.205.244] malformed header from script. Bad header=HTTP/1.0 401 Unauthorized: c:/php/php.exe

OK I figured out the problem after looking some more at php.net. They really should make it clearer. But I ended up replacing that line with:
header("Status: 401 Unauthorized");
and it worked. Hurray.

http://www.kewlster.com

[This message has been edited by maninacan (edited 03-30-2002).]

[This message has been edited by maninacan (edited 03-30-2002).]

maninacan
Paranoid (IV) Inmate

From: Seattle, WA, USA
Insane since: Oct 2001

posted 03-30-2002 05:24

ok authorization sucks. I got it to pop up the box thing now, but it's not putting the entered username or password into the variables it's supposed to according to php.net. I saw that on the discussion about it on php.net many people where having problems, and they offered many solutions, none of which worked for me, any ideas????????????????????????????

http://www.kewlster.com

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 03-30-2002 07:19

The first sentence in the PHP manual about HTTP authentication says:

--- start copy/paste ---
The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version.
--- end copy/paste ---

And you're running CGI version (php.exe). If you want to make it work you'll have to install PHP as Apache module...

maninacan
Paranoid (IV) Inmate

From: Seattle, WA, USA
Insane since: Oct 2001

posted 03-30-2002 17:10

how would I do that?

http://www.kewlster.com

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 03-30-2002 17:16

Read PHP installation manual...

maninacan
Paranoid (IV) Inmate

From: Seattle, WA, USA
Insane since: Oct 2001

posted 03-30-2002 22:34

ok

http://www.kewlster.com

Pugzly
Paranoid (IV) Inmate

From: 127.0.0.1
Insane since: Apr 2000

posted 04-03-2002 02:16

Just out of curiosity, I was attempting to search the PHP site for more info on this, but wasn't able to find anything. Anyone got some links on using this?

Pugzly
Paranoid (IV) Inmate

From: 127.0.0.1
Insane since: Apr 2000

posted 04-03-2002 04:27

Nevermind - I found this: http://hotwired.lycos.com/webmonkey/00/05/index2a_page2.html?tw=programming

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 04-03-2002 05:41

I don't know how you didn't find this...

http://www.php.net/manual/en/features.http-auth.php

Pugzly
Paranoid (IV) Inmate

From: 127.0.0.1
Insane since: Apr 2000

posted 04-03-2002 12:59

Oh man....I need a vacation.

I tried searching for $PHP_AUTH_USER and WWW-Authenticate and came up empty.

Thanks!